CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-6820 – IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6820
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-6821 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6821
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 2CVE-2024-37084 – CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
https://notcve.org/view.php?id=CVE-2024-37084
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server • https://github.com/Kayiyan/CVE-2024-37084-Poc https://github.com/vuhz/CVE-2024-37084 https://spring.io/security/cve-2024-37084 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 1CVE-2024-40318
https://notcve.org/view.php?id=CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/3v1lC0d3/RCE-QloApps-CVE-2024-40318 https://github.com/3v1lC0d3/RCE-QloApps/blob/main/qloapps--RCE.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41135 – Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
https://notcve.org/view.php?id=CVE-2024-41135
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •